A hot potato: Microsoft likely thought it was doing Copilot+ PC users a service with its original introduction of Recall, an AI-powered feature meant to help people find and remember things they've previously seen on their computer. Instead, users were thoroughly dismayed by the lax privacy and security, forcing Redmond to pull the feature back shortly after it debuted. Now, it is returning with enhanced safety measures that Microsoft hopes will win back the community.
Microsoft is set to reintroduce its Recall feature for Copilot+ PCs after addressing security concerns that ultimately led to Redmond pulling it back in June, according to the company's president of OS security and enterprise, David Weston.
The security community had significant concerns about Recall when it was first announced. Weston goes into great detail about the new features, which may pave the way to acceptance this time – after users and experts have thoroughly vetted it.
Perhaps most significantly, Recall is now designed as opt-in, giving users full control over their data. "If a user doesn't proactively choose to turn it on, it will be off, and snapshots will not be taken or saved," according to Weston. "Users can also remove recall entirely by using the optional features settings in Windows."
This appears to be a reversal of what Microsoft said earlier this month when Recall was found in a list of features you could disable, Tom's Hardware noted. Now, Recall remains inactive by default unless users enable it during setup. Tom's also notes that not all of the upgrades outlined by Weston are brand new, with some detailed in previous posts.
Still, there are some significant enhancements outlined in this update.
All sensitive data in Recall, including snapshots and associated information, is encrypted. The encryption keys are safeguarded by the Trusted Platform Module (TPM) and linked to the user's Windows Hello Enhanced Sign-in Security identity.
Recall's services operate within a secure Virtualization-based Security Enclave (VBS Enclave), ensuring that only user-requested information leaves the secure environment. The feature leverages Windows Hello Enhanced Sign-in Security for authorizing Recall-related operations, such as changing settings and accessing the Recall user interface. Additional security measures, like rate-limiting and anti-hammering, act against potential malware attacks.
At the heart of the architecture is the Secure Settings, a protected data store within the VBS Enclave that safeguards security configuration data. Complementing this is the Semantic Index, which transforms images and text into encrypted vectors for search.
To store user data securely, the Snapshot Store houses encrypted snapshots along with their associated metadata. Users interact with the system through the Recall User Experience, an interface designed for accessing and searching saved information. Snapshot Service operates as a background process, handling the saving and querying of data within the VBS Enclave.
Snapshots are only accessible after users authenticate using their Windows Hello credentials. To prevent potential system overload from malicious requests, Recall uses concurrency protection and monotonic counters.
Recall also offers a range of privacy controls. All snapshots and associated information are stored locally on the device, and no data is shared with Microsoft or third parties. Users can delete snapshots, pause the feature, or turn it off entirely at their discretion. The system also provides filtering options for specific apps or websites, automatically excludes in-private browsing sessions, and employs sensitive content filtering to minimize the storage of passwords and personal information.
"You are always in control, and you can delete snapshots, pause, or turn them off at any time," Weston said. "Any future options for the user to share data will require fully informed explicit action by the user."
Recall is designed to operate exclusively on Copilot+ PCs that meet the Secured-core standard. These systems come equipped with BitLocker or Device Encryption for data protection, TPM 2.0 for secure key management, and virtualization-based security with hypervisor-enforced code integrity.
Furthermore, these PCs utilize Measured Boot and System Guard Secure Launch to verify system integrity during startup, as well as Kernel DMA Protection to guard against peripheral-based attacks.
Windows Recall returns to Copilot+ PCs as an optional feature
